I want users of the application to be able to create roles dynamically and assign permissions to roles. Therefore the roles model is not going to be hardcoded. Permissions, though, as far as I understand, have to be hard-coded (because I'm going to hardcode their checks in the application logic).
The best way I see is to keep roles in the database, create them on the fly, and assign / un-assign permissions. Permissions should be kept in an array (or hash, or associative array), should be changed by a developer, and require a server restart.
Everything seems fine, but I'd like to read about best practices of permission-based authorization (I can find a lot on role-based authorization, but not permission-based) and its possible disadvantages.
Also, I can't yet find the best way to manage "levels" of permissions. For example, I have permissions called: "act admin", "manage users", "create/read/update/delete user".
I would let a role with the permission "act admin" do the rest as well (manage users, CRUD users, etc.). A role with the permission "manage users" automatically can CRUD users. This approach is better because it won't require a lot of "or" conditions for one check (can act admin, or can manage users, or can CRUD user...).
But how should I keep the permissions hash (array, etc.) in memory for these purposes?
I suppose the question is language / framework / etc. agnostic, so I won't add such tags.
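One way to hold the permission "levels" from the question in memory, as an added example that is not part of the original post: a hard-coded table of what each permission directly implies, expanded once at start-up so every check is a single set lookup. The permission names come from the post; the table layout, function names and sample roles are assumptions made for illustration.

```python
# Added example. IMPLIES, expand(), can() and ROLES are hypothetical names.
# Hard-coded by developers: permission -> permissions it directly implies.
IMPLIES = {
    "act admin": {"manage users"},
    "manage users": {"create user", "read user", "update user", "delete user"},
    "create user": set(), "read user": set(),
    "update user": set(), "delete user": set(),
}

def expand(permission, table, _path=()):
    """Return the permission plus everything it transitively implies."""
    if permission not in table:
        raise KeyError(f"undefined permission: {permission!r}")
    if permission in _path:
        raise ValueError(f"cycle through {permission!r}")
    granted = {permission}
    for child in table[permission]:
        granted |= expand(child, table, _path + (permission,))
    return frozenset(granted)

# Computed once at start-up: a typo or a cycle in the table stops the
# server from booting instead of silently changing who is authorized.
CLOSURE = {name: expand(name, IMPLIES) for name in IMPLIES}

def effective_permissions(assigned):
    """Expand the permission names stored for a role in the database."""
    result = set()
    for name in assigned:
        # A name left in the database after its permission was removed
        # from the code grants nothing (deny by default).
        result |= CLOSURE.get(name, frozenset())
    return result

def can(assigned, required):
    """One check per call site, with no chain of "or" conditions."""
    if required not in CLOSURE:
        # Checking a permission that was never defined is a developer bug.
        raise KeyError(f"undefined permission: {required!r}")
    return required in effective_permissions(assigned)

# Constructed sample roles, as they might be stored in the database.
ROLES = {
    "owner": ["act admin"],
    "support": ["manage users"],
    "viewer": ["read user"],
    "legacy": ["export users"],  # refers to a permission that no longer exists
}
```

Call sites always ask for the most specific permission, for example `can(ROLES["support"], "delete user")`, and the hierarchy decides whether a broader grant covers it.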